Pages

Wednesday, March 12, 2014

Cyber Security Breaches Need A Mandatory Reporting Mechanism

Cyber security attacks have become very
sophisticated in nature. The recent malware named Uroburos/Snake
is another example of growing cyber espionage and cyber warfare among
various nations. The era of websites defacement is well over and
stealing of sensitive information is the new trend.

India is a very late starter as far as cyber
security is concerned. The speed of cyber security initiative of
India is still very slow. Further, there is no dedicated cyber
security law of India that can be used in cases of cyber
crimes, cyber attacks and cyber contraventions. The information
technology act, 2000 is ill suited to take care of the cyber security
related issues in India.

The telecom companies/internet services providers
(ISPs) are also not sharing information pertaining to cyber attacks
against their networks. As a result, a robust cyber security strategy
to counter cyber attacks cannot be formulated.

National Security Council Secretariat (NSCS) has
requested
Reliance Jio Infocomm to share potential cyber security threats on
India’s telecom networks. India has announced that cyber
security breach disclosure norm would be formulated very
soon. However, till now no such disclosure norms are applicable in
India against telecom companies/ISPs of India.

Strict enforcement of the license
conditions (PDF) and the proposed national
telecom security policy of India 2014 may change this
scenario in the near future. However, nothing is better than
formulating a good cyber security law of India that can establish a
regulatory regime for compulsory cyber security breach notifications
on the part of telecom companies/ISPs.

This is important as critical infrastructures of
India like automated
power grids, thermal
plants, satellites,
etc are vulnerable to diverse forms of cyber attacks. This is the
reason why NTRO has been assigned
the task of protecting the critical infrastructure of India. Till the
national cyber coordination centre (NCCC) is put
into place, national level cyber security coordination
would be missing.